On Wed, 2008-12-10 at 14:13 -0600, McGranahan, Jamen wrote:
Ok, I guess I’m just too used to the Windows environment that I’m having a hard time adjusting to command line interfaces. Here’s the deal: I need to get syslog-ng running on my server. I think I have it installed, downloading the file from sunfreeware.com, putting the file in the /var/spool/pkg directory (file = syslogng-2.0.9-sol10-sparc-local.gz). I then used the pkgadd -d command to install it, which seemed to be fine. But where do I go from here? Has it started or do I need to manually start it? I’m also looking for a syslog-ng.conf file in order to modify it – I’m using this to push log data to another server, and according to the central logging program we are using, I need to modify this file like this:
options { use_fqdn(yes); log_fifo_size(8192); };
source local { file("/var/log/messages"); udp(ip(127.0.0.1) port(514)); internal(); };
filter notdebug { level(info..emerg); };
destination loghost { tcp("name.of.yoursplunkserver" port (9514)); };
log { source(local); filter(notdebug); destination(loghost); };
Any advice/or guidance is greatly appreciated. I know the more I use these Unix boxes, the more I’ll learn…
Depending on the binary, your configuration file location may vary. I also don't know whether the package you used installs an init script at all.

The configuration file is usually at /etc/syslog-ng/syslog-ng.conf, but it can also reside under /opt/syslog-ng/etc (depends on the compilation options).

If you start syslog-ng by hand:

    /sbin/syslog-ng -Fedv

It should display if it cannot read its configuration file.

The arguments -Fedv are:

    -F for foreground
    -e for logging messages to stderr
    -d for enabling debug
    -v for enabling verbose messages

You can also explicitly specify the configuration file using the -f switch.

Please note that your configuration file lacks the source that would collect local messages. If your package contains the file named "INSTALL" that should give you more information.

--
Bazsi
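
Added example, not part of the original thread: a small shell helper that applies the two checks from the reply before starting the daemon in the foreground, locating syslog-ng.conf and confirming it declares a source for local messages. The function names are hypothetical, and treating sun-streams(), unix-stream() and unix-dgram() as the local-collection drivers is an assumption of this example.

```shell
#!/bin/sh
# Added example: checks to run before starting syslog-ng by hand.

# Print the first readable syslog-ng.conf found under the given directories.
find_conf() {
    for dir in "$@"; do
        if [ -r "$dir/syslog-ng.conf" ]; then
            echo "$dir/syslog-ng.conf"
            return 0
        fi
    done
    return 1
}

# Succeed if a non-comment line uses a driver that reads the local syslog
# device or socket: sun-streams() on Solaris, unix-stream()/unix-dgram()
# elsewhere (assumed list, see lead-in).
has_local_source() {
    for drv in sun-streams unix-stream unix-dgram; do
        if grep -v '^ *#' "$1" | grep "$drv *(" >/dev/null; then
            return 0
        fi
    done
    return 1
}

# Report "ok <path>", "no-local-source <path>" or "no-config".
# Leaves the path that was found in $conf for the caller.
preflight() {
    conf=`find_conf "$@"` || { echo "no-config"; return 1; }
    if has_local_source "$conf"; then
        echo "ok $conf"
    else
        echo "no-local-source $conf"
        return 2
    fi
}

# Constructed sample: the source statement from the question, written to $1.
write_sample_conf() {
    cat > "$1/syslog-ng.conf" <<'EOF'
source local { file("/var/log/messages"); udp(ip(127.0.0.1) port(514)); internal(); };
EOF
}

# Typical use (the two directories are the locations named in the reply):
#   preflight /etc/syslog-ng /opt/syslog-ng/etc && /sbin/syslog-ng -f "$conf" -Fedv
```

Run against the source statement from the question, preflight reports no-local-source, which is the gap pointed out in the reply.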